nanog mailing list archives
Re: Securing the BGP or controlling it?
From: Nick Hilliard <nick () foobar org>
Date: Tue, 11 May 2010 14:32:19 +0100
On 10/05/2010 20:20, Randy Bush wrote:
if something like those happen again, we are gonna be spending a lot of time explaining our selves to people who wear funny clothes, and telling them why it is not going to happen again if they let us keep our jobs.
Yes, I have observed that people who wear funny clothes with blood constriction devices wrapped tightly around their necks seem to be concerned primarily with ass covering theatre. Risk analysis is ass covering without the theatre. You collect data, make a judgement based on that data, and if it turns out that the judgement says that signed bgp updates constitute more of a stability risk to network operations than the occasional shock problem, then you point these people with odd dress sense towards the conclusions of this risk analysis report, having made sure that the conclusions are printed in a 48pt font, with no more than 2 syllables per word, preferably with a filled circle preceding each sentence. It may well be that they will ignore the risk analysis and be more concerned with the theatre than with data; this happens all the time, an excellent example being airport security, where security theatre seems to be considered much more important than actual security. Or it could go the other way, where risk analysis dictates that sensible precautions be taken, but they are thrown out for other reasons. A good example here is road safety, where it would be sensible to speed limit all cars to 50km/h, and ban motorbikes and bull-bars; but instead we substantially choose to ignore the risk and accept an attrition rate of 80,000 people every year between Europe and the US. Nick
Current thread:
- Re: Securing the BGP or controlling it?, (continued)
- Re: Securing the BGP or controlling it? deleskie (May 10)
- RE: Securing the BGP or controlling it? Hank Nussbacher (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 10)
- Re: Securing the BGP or controlling it? Aaron Glenn (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 10)
- Re: Securing the BGP or controlling it? Jared Mauch (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 10)
- Re: Securing the BGP or controlling it? Joe Abley (May 10)
- Re: Securing the BGP or controlling it? Danny McPherson (May 10)
- Re: Securing the BGP or controlling it? Randy Bush (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 11)
- Re: Securing the BGP or controlling it? Danny McPherson (May 11)
- Re: Securing the BGP or controlling it? Marshall Eubanks (May 11)
- Re: Securing the BGP or controlling it? Patrick W. Gilmore (May 11)
- Re: Securing the BGP or controlling it? Danny McPherson (May 10)
- Re: Securing the BGP or controlling it? Larry Sheldon (May 10)
- Re: Securing the BGP or controlling it? Danny McPherson (May 10)
- Re: Securing the BGP or controlling it? deleskie (May 10)
- Re: Securing the BGP or controlling it? Randy Bush (May 10)
- Re: Securing the BGP or controlling it? Larry Sheldon (May 10)